Malicious PDF — malware analysis report

Static analysis result for SHA-256 5cf12a8d2ad60d72…

MALICIOUS

PDF

Size: 33.2 KB
Created: 2020-01-17 19:19:10 +03:00
Authoring application: Documill Publishor 6.3.9.1 by Documill (http://www.documill.com/) (via iText 2.1.6 by 1T3XT)
MD5: f51f1a77c68088269ce647d3239c01c9
SHA-1: 217c8b9bdb491ed9f1cc8a1922126bb0fb7946ea
SHA-256: 5cf12a8d2ad60d7239e2714a71c8895d860d3817a5e45640c2823656a1ef6d94
Risk Score: 92

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged the document as malicious. The embedded URLs suggest an attempt to manipulate search engine results or distribute a large volume of content, potentially malicious, from a single domain.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8529

Heuristics 2

  • Small PDF contains mass external PDF link farm (severity: critical; ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info; ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.